rule Linux_Exploit_CVE_2012_0056_06b2dff5 {
    meta:
        author = "Elastic Security"
        id = "06b2dff5-250a-46e0-b763-8e6b04498fe2"
        fingerprint = "82b200deae93c8fa376d670f5091d9a63730a6f5b5e8a0567fe9c283075d57c0"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2012-0056"
        reference_sample = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 20 66 64 20 69 6E 20 70 61 72 65 6E 74 2E 00 5B 2B 5D 20 52 65 63 }
    condition:
        all of them
}

rule Linux_Exploit_CVE_2012_0056_b39839f4 {
    meta:
        author = "Elastic Security"
        id = "b39839f4-e6f4-44bd-a636-ce355f3c5c6a"
        fingerprint = "f269c4aecbb55e24d9081d7a1e4bd6cfa9799409b3a3d7a6f9bf127f7468dedc"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2012-0056"
        reference_sample = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 08 02 7E 3E 8B 45 0C 83 C0 04 8B 00 0F B6 00 3C 2D 75 2F 8B }
    condition:
        all of them
}

rule Linux_Exploit_CVE_2012_0056_a1e53450 {
    meta:
        author = "Elastic Security"
        id = "a1e53450-036e-4ae3-bfe4-64a6c7239a04"
        fingerprint = "d0a0635fb356ccedb1448082cc63748d49d45f8a25e43eab7ac1d67e87062b8f"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.CVE-2012-0056"
        reference_sample = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 80 31 C9 B3 ?? B1 02 B0 3F CD 80 31 C0 50 68 6E }
    condition:
        all of them
}

